CVE-2018-5734
Last modified
CVE-2018-5734 is a vulnerability of currently unknown severity. While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. EPSS estimates a 6.24% chance of exploitation in the next 30 days.
Description
While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Isc | Bind | 9.10.5 | S1 |
| Isc | Bind | 9.10.6 | S1 |
| Netapp | Data Ontap Edge | All versions | — |
| Netapp | Solidfire Element Os Management Node | All versions | — |
References
- http://www.securityfocus.com/bid/103189Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1040438Third Party Advisory, VDB Entry
- https://kb.isc.org/docs/aa-01562Vendor Advisory
- https://security.netapp.com/advisory/ntap-20180926-0005/Third Party Advisory
- http://www.securityfocus.com/bid/103189Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1040438Third Party Advisory, VDB Entry
- https://kb.isc.org/docs/aa-01562Vendor Advisory
- https://security.netapp.com/advisory/ntap-20180926-0005/Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-5734?
How severe is CVE-2018-5734?
How do I fix CVE-2018-5734?
Are you affected by CVE-2018-5734?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST